Advisers foretold ID's doom

The Identity Card Scheme offers a lesson in the infeasibility of IT systems held to political ransom. The cost of failure was too high for the Labour government. So the Home Office pressed on Quixotically with the system, despite never overcoming its critical weaknesses.

The picture that has emerged with the publication of last week's Independent Scheme Assurance Panel report is one of a government department hashing together on the fly a system of a size, complexity and sensitivity never before attempted. It may have been too big to fail, but it was also too much to handle.

The Home Office was obliged over the years to issue empty assurances that everything was under control and that it was addressing the repeated warnings given by ISAP. Can you handle a project of this size and complexity, asked ISAP in 2007. Yeah, 'course we can, said the Home Office - we've recruited some more executives.

In failing to deliver on those assurances, the department gave an indication of the amount of strain its IT experts must have been under. Working on a panacea project must be like happy-clapping at a cult.

The inconvenient imperfections of the ID plan were spelled out clearly in ISAP's 2007 report, compiled in the year after the Home Office cut the ribbon on the system blueprint and set their IT chumlies off on their futile quest.

After three years of development, the problems still had to be addressed. And very little of the blame could be put on the poor techies building the system. The snags were political. The fault was incompetent ministerial direction.

Writing on the wall

Data security risks identified in 2007 were never brought under control. And much else ISAP and good sense required of the ID project in 2007 was never fully addressed.

Public trust essential to the scheme was never secured. Inter-departmental differences over the accountability, funding and ownership of the cross-government system architecture were never settled. A "robust and transparent" system of data governance was never established. The system requirements were never properly defined and neither were its benefits, though both were crucial, it was and is commonly said, before the system could be properly designed.

Vital skilled staff were never recruited. A system of competent organisational governance was never established. Cross-government support was ever obtained and a cross-government standard of identity data and management was never agreed.

It was being built, against ISAP's advice and accepted wisdom, on "shifting sands". And contracts with suppliers were let, to satisfy a political timetable, despite these crucial preliminaries not being clarified.

This must have been especially awkward for the Home Office and may explain why it disbanded ISAP in 2009. No matter that the oversight panel was set up after the Home Affairs Select Committee said in 2004 that the Gateway review process (through which the Office of Government Commerce usually seeks to prevent embarrassing IT failures) couldn't be trusted to oversee a "project of this scale". Don't worry, said the Home Office, we'll set up an independent oversight board.

Had the Home Office given ISAP more credence, a lot of time and money may have been saved. The panel's first public warning put the writing on the wall: data loss will lead to a loss of public trust that, it implied, would be the project's ruin. There were real risks of data loss, it said. Something had better be done about it because people won't stand for it.

Mind bending

This was to be done with a PR exercise that would win public trust by showing how security concerns had been addressed. People would be told the system's tolerance for errors. Said system would have not only to be "robust" but also "well respected".

The problem was swept under the carpet. Civil servants were being sacked for snooping on the Customer Information System (the DWP database that was to form the biographical core of the ID system) before the scheme began. They were still being sacked after the scheme was scrapped in 2010. The DWP's precautions were shoddy, the security leaks were proving unmanageable and the DWP refused to reveal the error tolerance of the CIS. It may not even have known.

You have to wonder how the ISAP overseers felt about it all in the end. Nokia CEO John Clarke, Cranfield Professor Brian Collins, ex-First Direct Bank CEO Alan Hughes, BAA IT director Malcolm Mitchell, and ex-HSBC Bank CIO Fergie Williams: these sort of people are not used to being fobbed off.

Being from the commercial world, they are also accustomed to developing systems that rely for their success on customer choice. Paradoxically, they advised that the ID scheme would only succeed if everyone was forced to use it. This exposed the lie in Blair's ID sales patter, the come-on-you-know-you-want-it approach to civil security: everyone was going to get it anyway, whether they liked it or not.

Sad ending

"To be successful," the ISAP said, "the scheme has to become the government's (and the commercial sector's) primary means of identifying individuals and controlling updates to and use of their data."

It sounds preposterous now. Citizens no more like the Home Office watching them for their own good than foreigners like having bombs dropped on their heads for their own good.

The ID scheme gives us one other amusing paradox to ponder. From ISAP's perspective, it demonstrated how a lack of transparency in public policy and execution led inevitably to costly failure. Yet had the government come clean about the risks, it may never have won the public's support in the first place.

Transparency is the only hope we have of overcome the endemic problem of public databases being snooped.

What support people had given ID was befooled. The sands shifted so much under the ID scheme that it's hard to say what it was meant to do in the first place. Someone should nose around the Home Office with that very same question in mind. When they come across its fascistic database of identity-carded foreigners they might ponder whether it would ever have been approved either had the opening sales gambit not been ID-for-all.

3 Comments

"The snags were political. The fault was incompetent ministerial direction."

And what's more, you may be right.

But only partially right.

The politicians are guilty, agreed. But you omit from your considerations their officials, i.e. the civil service/"Whitehall", and their in-house consultants and their external consultants and their private sector contractors. They need to be added in to the guilty mix.

Whitehall must at least share the guilt, I would suggest, for wasting hundreds of millions of pounds of our money. They could have dissuaded the politicians. As it is, they didn't, and they ended up issuing one misleading press release after another, to shore up the fantasy of the National Identity Service.

They may even be more guilty than the politicians. They may have pounced on the hysterical David Blunkett as the answer to their dreams, along with Tony Blair, just the sort of pliable hothead they had been waiting for who would respond to the plans they had already prepared for ID cards.

The "poor techies" you refer to rather mawkishly are presumably grown-ups and are presumably paid. Why do you speak of them as though they’re children? Or abandoned pets?

IBM and CSC, incidentally, are still being paid to develop the National Identity Register (NIR) and the new passport application system needed to enrol people onto the NIR. Their contracts haven't been cancelled and they’re not poor techies, not at all, they're very well remunerated. With our money, your money and mine, for no known reason.

"The snags were political. The fault was incompetent ministerial direction."

And what's more, you may be right.

But suppose you're wrong.

The politicians are guilty, agreed, but their officials, the civil service, "Whitehall", may not be the innocent victims you depict.

Whitehall must at least share the guilt, I would suggest, for wasting hundreds of millions of pounds of our money. Whitehall could have dissuaded the politicians. As it is, they didn't, and ended up issuing one misleading press release after another, compounding the lies about the National Identity Service.

They may even be more guilty than the politicians. They may have pounced on the hysterical David Blunkett as the answer to their dreams, just the sort of pliable hothead they had been waiting for who would respond to the plans they had already prepared for ID cards.

The "poor techies" you refer to rather mawkishly are presumably grown-ups and are presumably paid. Why do you speak of them as though they are children? or pets?

IBM and CSC, incidentally, are still being paid to develop the National Identity Register (NIR) and the new passport application system needed to enrol people onto the NIR. Their contracts haven't been cancelled and those aren't poor techies, not at all, they're very well remunerated.

...and examination of the document by which the DWP approved the plan, our poor civil servants were a little giddy about it all.

I'll come back to the IPS' part in it when I publish their feasibility study for the CIS plan.

Suffice to say that it stands to reason they would find in favour of the idea. By February 2007 the scheme's political feasibility was so dependent on the technical feasibility of the CIS plan that the IPS shared an existential interest in it.

If the CIS plan had been deemed unfeasible it would have spelled curtains for the ID scheme. The logic would have run thus: no CIS, no ID scheme; no ID scheme, no Identity and Passport Service. Ergo, the scheme had to be feasible.

Where ministers shared the blame was in their complicity with the IPS' favoured approach to assessing the feasibility of the ID system blueprint: agree it now work out a way to do it later.

The feasibility study never assessed the possibility that they might not work out a way to do it in time and budget, despite that being the long-established approach to the implementation of public sector IT systems.

That's because the IPS was told the feasibility study must not consider any alternatives but the CIS plan...